livesoftrock

Post by Gerry48 on 10th February 2010, 1:03 am

Hi, I'm having problems with this virus. I downloaded Anti-Malware in safe mode, but can't get it to run. It's missing the file mbam.exe. Looks like there are plenty of files in this folder, but not the critical one.

I was able to download and run OTL.

Thanks for assistance. Gerry

OTL logfile created on: 2/9/2010 12:40:29 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 390.63 Gb Total Space | 274.07 Gb Free Space | 70.16% Space Free | Partition Type: NTFS
Drive D: | 308.01 Gb Total Space | 302.81 Gb Free Space | 98.31% Space Free | Partition Type: NTFS
Drive E: | 552.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GERALD-ABF3A4FD
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/09 12:39:59 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2099/01/01 12:00:00 | 000,093,184 | -HS- | M] () -- C:\WINDOWS\system32\gidogudi.dll
MOD - [2099/01/01 12:00:00 | 000,053,248 | -HS- | M] () -- C:\WINDOWS\system32\mulirowo.dll
MOD - [2010/02/09 12:39:59 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2010/01/07 14:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 14:38:10 | 000,058,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\ZuneBusEnum.exe -- (ZuneBusEnum)
SRV - [2010/01/07 14:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/01/02 09:38:43 | 000,152,984 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/09/05 10:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) [Auto | Stopped] -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)
SRV - [2008/08/27 16:32:03 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/19 12:28:58 | 000,055,816 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\GIGABYTE\GEST\GSvr.exe -- (GEST Service)
SRV - [2007/10/16 05:54:22 | 000,495,616 | ---- | M] (ATI Technologies Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/03/20 15:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/02/28 11:42:38 | 000,229,376 | ---- | M] (Apple Computer, Inc.) [Auto | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [1999/12/12 09:01:00 | 000,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Stopped] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2010/01/09 10:34:13 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/01/07 14:22:02 | 000,040,832 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zumbus.sys -- (zumbus)
DRV - [2010/01/06 11:23:40 | 000,021,361 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2010/01/05 18:04:02 | 000,385,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/01/05 18:04:02 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/05/23 10:30:16 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/03/04 17:30:14 | 000,709,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2008/08/21 09:27:32 | 000,023,600 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32)
DRV - [2008/08/19 18:59:49 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2008/08/19 12:28:47 | 000,030,008 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2008/08/07 14:42:36 | 000,016,512 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RAPIProtocol.sys -- (RAPIProtocol)
DRV - [2008/07/16 09:35:02 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2008/06/27 10:24:56 | 004,742,656 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/06/16 14:08:42 | 000,109,184 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/04/13 10:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 10:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 10:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/13 02:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/16 06:40:06 | 002,642,944 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/03/27 17:59:40 | 000,166,912 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2006/12/27 20:44:44 | 000,084,992 | R--- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdAud.sys -- (HdAudAddService)
DRV - [2005/06/24 18:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005/05/26 11:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005/05/26 11:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2004/08/04 04:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/05/24 09:51:14 | 000,446,020 | R--- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HCWBT8XX.sys -- (HCWBT8xx)
DRV - [2003/09/19 14:47:24 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/21 23:44:18 | 000,018,848 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\MLPTDR_Q.SYS -- (MLPTDR_Q)
DRV - [2003/07/16 13:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2000/08/03 14:25:12 | 000,023,296 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\pedrv.sys -- (PEDRV)
DRV - [1998/10/02 10:20:46 | 000,005,200 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\vichw11.sys -- (VICHW11)
DRV - [1996/04/03 22:33:26 | 000,005,248 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GIVEIO.SYS -- (GIVEIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/09 11:13:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/09 11:13:02 | 000,000,000 | ---D | M]

[2010/02/09 11:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/02/09 11:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fsb0kva0.default\extensions
[2010/02/06 08:37:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/11/10 12:13:56 | 000,652,576 | ---- | M] (Medical Informatics Engineering, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npzzatif.dll

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Program Files\Sprinter5\msdxm.ocx (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [muteyuhan] C:\WINDOWS\System32\gidogudi.DLL ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\OPware32.exe (Caere Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [xkcihvmu] C:\Documents and Settings\Gerry\Local Settings\Application Data\eylvpl\fdxnsftav.exe ()
O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe (Uniblue Software)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [MISPInst] C:\Documents and Settings\Administrator\Local Settings\Temp\McInstallTemp\Install.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Program Files\Sprinter5\msdxm.ocx (Microsoft Corporation)
O20 - AppInit_DLLs: (mulirowo.dll) - C:\WINDOWS\System32\mulirowo.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\gidogudi.dll) - C:\WINDOWS\system32\gidogudi.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: mojehetob - {17431b9e-a5ad-4ad2-beee-d1685ffab967} - C:\WINDOWS\system32\gidogudi.dll ()
O22 - SharedTaskScheduler: {17431b9e-a5ad-4ad2-beee-d1685ffab967} - jugezatag - C:\WINDOWS\system32\gidogudi.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/18 21:49:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/04 14:11:06 | 000,000,000 | R--D | M] - E:\autorun -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/09 12:39:59 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/02/09 11:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/09 11:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/02/09 10:42:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/09 10:42:18 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/09 10:42:18 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/09 08:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/02/09 08:50:47 | 008,327,264 | ---- | C] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Firefox Setup 3.6.exe
[2010/02/09 08:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/02/09 08:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/02/09 08:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\System Tweaker
[2010/02/09 08:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/02/09 08:09:46 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/02/09 07:23:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/02/09 07:21:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2010/02/09 07:21:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2010/02/05 19:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Network
[2010/02/04 18:18:36 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010/02/04 18:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Zune
[2010/02/04 18:17:20 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2fs.dll
[2010/02/04 18:17:20 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2fs.dll
[2010/02/04 18:17:20 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imapi2.dll
[2010/02/04 18:17:20 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imapi2.dll
[2010/02/04 18:17:20 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdrom.sys
[2010/02/02 07:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Sprinter5
[2010/02/01 14:30:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/13 07:28:59 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009/09/14 11:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2009/06/27 06:23:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2008/08/18 21:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/08/18 21:49:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/08/18 21:49:25 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2099/01/01 12:00:00 | 000,093,184 | -HS- | M] () -- C:\WINDOWS\System32\kinahoke.dll
[2099/01/01 12:00:00 | 000,093,184 | -HS- | M] () -- C:\WINDOWS\System32\gidogudi.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | M] () -- C:\WINDOWS\System32\nepivoyi.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | M] () -- C:\WINDOWS\System32\mulirowo.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | M] () -- C:\WINDOWS\System32\kipiheba.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | M] () -- C:\WINDOWS\System32\jalopeya.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | M] () -- C:\WINDOWS\System32\fiyobubi.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\bokeneja.dll
[2010/02/09 12:39:59 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/02/09 12:38:50 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\gufejevi
[2010/02/09 11:40:30 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/09 11:40:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/09 11:39:23 | 001,048,576 | -H-- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/02/09 11:39:23 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/02/09 11:20:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/09 11:17:39 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/09 11:11:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-492894223-725345543-1003UA.job
[2010/02/09 09:23:04 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/09 08:50:49 | 008,327,264 | ---- | M] (Mozilla) -- C:\Documents and Settings\Administrator\Desktop\Firefox Setup 3.6.exe
[2010/02/09 08:48:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DMSetup-Serial(3).exe
[2010/02/09 08:47:37 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DMSetup-Serial(2).exe
[2010/02/09 08:47:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DMSetup-Serial.exe
[2010/02/09 08:21:17 | 000,039,424 | -HS- | M] () -- C:\WINDOWS\System32\gejiwuvu.dll
[2010/02/09 08:08:33 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2010/02/06 08:22:25 | 000,520,410 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/02/06 08:22:25 | 000,440,684 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/02/06 08:22:25 | 000,071,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/02/04 18:18:39 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_zumbus_01009.Wdf
[2010/02/04 18:18:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/02/04 18:18:37 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/04 18:18:24 | 000,000,628 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Zune.lnk
[2010/02/03 07:42:15 | 000,002,241 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sprinter5.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\kinahoke.dll
[2099/01/01 12:00:00 | 000,093,184 | -HS- | C] () -- C:\WINDOWS\System32\gidogudi.dll
[2099/01/01 12:00:00 | 000,060,928 | -HS- | C] () -- C:\WINDOWS\System32\nepivoyi.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | C] () -- C:\WINDOWS\System32\mulirowo.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | C] () -- C:\WINDOWS\System32\kipiheba.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | C] () -- C:\WINDOWS\System32\jalopeya.dll
[2099/01/01 12:00:00 | 000,053,248 | -HS- | C] () -- C:\WINDOWS\System32\fiyobubi.dll
[2099/01/01 12:00:00 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\bokeneja.dll
[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\gufejevi
[2010/02/09 10:42:21 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/09 08:51:28 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/02/09 08:48:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DMSetup-Serial(3).exe
[2010/02/09 08:47:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DMSetup-Serial(2).exe
[2010/02/09 08:47:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DMSetup-Serial.exe
[2010/02/09 08:21:17 | 000,039,424 | -HS- | C] () -- C:\WINDOWS\System32\gejiwuvu.dll
[2010/02/09 08:08:33 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2010/02/04 18:18:39 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_zumbus_01009.Wdf
[2010/02/04 18:18:38 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010/02/04 18:18:24 | 000,000,628 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Zune.lnk
[2010/02/02 07:12:52 | 000,002,241 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sprinter5.lnk
[2009/11/29 16:33:02 | 000,013,824 | R--- | C] () -- C:\WINDOWS\System32\tblcf.dll
[2009/09/19 16:24:18 | 000,001,410 | ---- | C] () -- C:\WINDOWS\openhelp.ini
[2009/09/19 16:24:18 | 000,000,290 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2009/09/19 16:24:18 | 000,000,180 | ---- | C] () -- C:\WINDOWS\BCW.INI
[2009/09/19 16:24:18 | 000,000,087 | ---- | C] () -- C:\WINDOWS\TDW.INI
[2009/09/19 16:24:05 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\BIVBX11C.DLL
[2009/09/19 16:23:58 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\BW32000C.DLL
[2009/09/19 16:23:58 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\BW320007.DLL
[2009/09/19 16:23:33 | 000,000,200 | ---- | C] () -- C:\WINDOWS\OWL.INI
[2009/04/26 12:41:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Title.INI
[2008/12/27 09:56:35 | 000,000,085 | ---- | C] () -- C:\WINDOWS\TOPO.INI
[2008/12/27 09:23:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2008/10/13 09:32:07 | 000,081,321 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2008/08/27 16:39:47 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/08/26 14:38:11 | 000,000,000 | R--- | C] () -- C:\WINDOWS\SA2006.ini
[2008/08/24 17:16:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2008/08/24 17:16:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2008/08/24 17:14:49 | 000,008,575 | R--- | C] () -- C:\WINDOWS\System32\D125UFW.INI
[2008/08/24 17:13:11 | 000,000,571 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/08/24 17:09:11 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2008/08/24 16:48:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2008/08/22 16:00:26 | 000,000,135 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/20 18:16:25 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2008/08/20 18:15:28 | 000,000,690 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2008/08/20 15:30:41 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/08/20 15:30:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/08/20 09:33:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/08/19 16:22:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2008/08/19 07:22:22 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2004/05/12 20:56:36 | 000,634,880 | ---- | C] () -- C:\WINDOWS\System32\pemicro_serialcm2.dll
[2003/11/17 23:39:38 | 000,014,740 | ---- | C] () -- C:\WINDOWS\MSTMON_Q.INI
[2003/06/29 19:13:24 | 000,011,521 | ---- | C] () -- C:\WINDOWS\MSUMLT_Q.INI
[2000/08/03 14:25:12 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\pedrv.sys
[2000/08/03 14:25:12 | 000,023,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\pedrv.sys
[1998/10/02 10:20:46 | 000,005,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\vichw11.sys
[1996/05/29 17:20:04 | 000,035,072 | ---- | C] () -- C:\WINDOWS\System32\SENDKEY.DLL
[1996/04/03 22:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\GIVEIO.SYS
< End of report >

OTL Extras logfile created on: 2/9/2010 12:40:29 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 390.63 Gb Total Space | 274.07 Gb Free Space | 70.16% Space Free | Partition Type: NTFS
Drive D: | 308.01 Gb Total Space | 302.81 Gb Free Space | 98.31% Space Free | Partition Type: NTFS
Drive E: | 552.01 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: GERALD-ABF3A4FD
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\GIGABYTE\GEST\run.exe" = C:\Program Files\GIGABYTE\GEST\run.exe:*:Enabled:update -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Freescale\CodeWarrior for ColdFire V7.1\bin\IDE.exe" = C:\Program Files\Freescale\CodeWarrior for ColdFire V7.1\bin\IDE.exe:*:Enabled:Integrated Development Environment -- (Freescale Semiconductor, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\McAfee\VirusScan\mcvsmap.exe" = C:\Program Files\McAfee\VirusScan\mcvsmap.exe:*:Enabled:mcvsmap -- File not found
"C:\Program Files\McAfee\MPF\MpfSrv.exe" = C:\Program Files\McAfee\MPF\MpfSrv.exe:*:Enabled:MPFSrv -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Standard
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{04FC6E53-33A5-B457-8EBD-370884B81E83}" = Catalyst Control Center Localization Norwegian
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D0913E6-8809-DC22-4771-6E4A0C69C1D9}" = Catalyst Control Center Localization French
"{0FC28F52-5BE9-B6A6-0E47-040F04A9AE3F}" = CCC Help Danish
"{12453E04-9738-4D16-8408-D726532C2C69}" = ASUS VGA Driver
"{1402D7D3-548E-C8D9-1B56-94DF70CA52DB}" = CCC Help French
"{1605416F-1546-EB43-4000-F64170D3DE25}" = Catalyst Control Center Graphics Full New
"{1705D880-A64E-96B8-1623-446CB4243BCC}" = CCC Help Portuguese
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{197B13CD-0597-C06D-9E06-3732E7A5459B}" = Catalyst Control Center Localization Spanish
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1D892DE7-FA53-6CCB-A755-FFC8CDD58CCB}" = CCC Help Czech
"{248C0F3C-D1E8-3169-6711-00F34C307F7A}" = CCC Help Swedish
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe Extendscript Toolkit 2
"{25FB0FCE-0B93-976A-C0A5-3ADE26A5DC95}" = Catalyst Control Center Localization Greek
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{27AB4200-EAAF-CB24-D5B4-40B761E573D3}" = CCC Help Polish
"{2809AFFB-F3CD-4879-B3B7-A3414C9EA142}" = DeLorme Street Atlas USA 2006
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B07D8A3-0BE7-B8BC-E295-040333F74CB4}" = Catalyst Control Center Localization Polish
"{2C0C658D-6239-4844-A873-A32F7E3840D2}" = Street Atlas USA 2006
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{346BA3F6-660A-81A1-D8FA-659465AF5F16}" = ccc-core-preinstall
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{38C05AAD-971E-4665-99EC-37796DCF5730}" = DeLorme Street Atlas USA 2006 Data
"{3E2D47BE-3896-CD6A-5333-634E8F4E1D09}" = CCC Help Chinese Traditional
"{3EDF7996-B5DD-7217-329E-E51EA50B8B08}" = Catalyst Control Center Localization Korean
"{3EE1008C-11A1-4F4F-8DB7-27573924DE78}" = DMIView B06.1227.01
"{3F533CDF-4EB7-942C-83C7-DA703DBF0D3A}" = Catalyst Control Center Graphics Light
"{40CD278E-33C2-6916-EFA6-DCBF7709060A}" = CCC Help English
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4C8E654C-8B9C-1A3E-651D-214E9019A8C6}" = Catalyst Control Center Localization Portuguese
"{4FC31A14-3D58-4F8F-85DA-EB3EBC771252}" = Catalyst Control Center - Branding
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F042B0-48F9-D28E-41BA-8AEB7144A664}" = Catalyst Control Center Localization Japanese
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56F6A91D-46D4-4919-ABE6-55BD17DEB039}" = Quick Movie Magic 1.0E
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver 1.0 B8.0128.1
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A8D3524-79DB-11D5-99D1-00010256D40E}" = SD Viewer for DSC
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5E541DAB-6F2C-62F1-3212-F421792E9409}" = CCC Help Korean
"{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"{626D1263-11EB-8469-BDCD-F44464AFAB42}" = Catalyst Control Center Core Implementation
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A322AF6-94C0-C303-548F-EFBC0EE3FAC6}" = Catalyst Control Center Localization Dutch
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71CD0D37-EF43-438F-7AE6-D49DE09C7B55}" = Catalyst Control Center Localization Danish
"{7353B605-741D-C35E-7334-468FE2A4E9CB}" = Skins
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{79AA6806-69E1-7A15-9B8A-C3E36065B1FE}" = CCC Help Greek
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7BCCA0F5-4A74-2352-CFE6-04DABA6D5D28}" = Catalyst Control Center Graphics Full Existing
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{87A0FED6-9A2A-3BDE-FBB9-B44DBB9EC9F1}" = Catalyst Control Center Localization Turkish
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{98125266-1C84-5858-07AD-07983DFFAA60}" = Catalyst Control Center Localization Russian
"{9862B19F-4CAD-4EED-920F-2F378D84393F}" = ATI Parental Control & Encoder
"{98C2D59E-7B49-30F8-3A15-6A8428AFA3B9}" = Catalyst Control Center Localization Chinese Traditional
"{9C6105B4-2A33-4ADB-89A0-F423D562F3B9}" = ETC B07.1219.01
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{9F011792-C1AD-6D49-7418-703D17F710CC}" = CCC Help Turkish
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A8CDE964-E54B-4661-A44F-4286097DBB37}" = Street Atlas USA 2006
"{A9106BA5-3F1E-3528-93A7-2761CA0BFAD8}" = ccc-utility
"{AB8CAAA2-39EC-A896-8388-21F7C92BF91D}" = CCC Help Finnish
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEF9CBFA-72BB-4E65-BA40-539A72180248}" = Sprinter 5.0
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9A46A4E-374E-5329-B26C-24A745AA7762}" = Catalyst Control Center Localization Finnish
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC2B6E0B-6932-FCFD-4DA2-2AB184B87320}" = CCC Help Italian
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BC944C49-FD30-42AD-A11D-03E3C89F2604}" = CodeWarrior Development Studio for ColdFire Architectures v7.1
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C123A6B5-8243-75C7-5CAD-A7E06C051D38}" = CCC Help German
"{C205EF8A-AC71-1A3C-DFCC-C2AC36D8A7B4}" = Catalyst Control Center Localization Swedish
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem Driver
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CABB5874-1452-637A-110B-883189586282}" = Catalyst Control Center Localization Hungarian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC4914EF-6618-4949-A1CF-BD4917A00221}" = SYSTEM_INFO B07.1219.01
"{CDD165A8-6D7F-3FE3-09BD-03052685294D}" = CCC Help Hungarian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A3418D-0275-1516-6622-AF377B272CA0}" = CCC Help Dutch
"{D1AD3651-EE2F-5221-D595-36A2ED3D5E75}" = Catalyst Control Center Localization Italian
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D380A631-0EFD-8325-D2DD-774A7ADDB628}" = ccc-core-static
"{D5679765-FADA-54E8-774E-748294020B96}" = CCC Help Russian
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D96A2309-4420-4BB6-AE4B-9873AA7C070F}" = Street Atlas USA 2006
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E07C71A6-1576-4F7F-8856-B1C439E669AC}" = MotionDV STUDIO 5.6E LE for DV
"{E0A1559B-9886-11D4-8D06-0050DA284A39}" = Scan Manager 5.2
"{E10761C7-F0F0-BC29-51E5-6F4886D5E72A}" = Catalyst Control Center Localization Chinese Standard
"{E306DBFD-E7A1-F65F-D652-99FEDE639AF9}" = Catalyst Control Center Localization German
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B07.1219.01
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0BC7117-A5C8-D34E-72DE-D17E2B7BA2E5}" = CCC Help Norwegian
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2320CBF-B5A5-78A9-1E8E-D48DAF1E022D}" = CCC Help Thai
"{F31A1CA0-6F8B-F897-C8CA-7C64616582A0}" = CCC Help Spanish
"{F45B51DC-F6EA-0335-44B3-92395CEB782B}" = Catalyst Control Center Localization Thai
"{F5489F73-F631-6CEE-72ED-3B9E0C312F96}" = CCC Help Japanese
"{F55671E5-16AB-4A09-14C0-F53921535C25}" = Catalyst Control Center Localization Czech
"{FB7EBC2F-D27E-A906-28BF-58FE48F4F1D8}" = CCC Help Chinese Standard
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FFED7B1D-2F65-46DC-8CA6-44E16159EB90}" = Street Atlas USA 2006
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe Extendscript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"All ATI Software" = ATI - Software Uninstall Utility
"ArcSoft PhotoBase" = ArcSoft PhotoBase
"ATI Display Driver" = ATI Display Driver
"AudibleManager" = AudibleManager
"CameraUserGuide-PSA470" = Canon PowerShot A470 Camera User Guide
"Canon ScanGear Toolbox 3.1" = Canon ScanGear Toolbox 3.1
"ColdFire Init" = ColdFire Init
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DriverAgent.exe" = DriverAgent by TouchStone Software
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.0.1.0 (May 15, 2009)
"EasyGPS_is1" = EasyGPS 3.0
"Eviction Forms" = Eviction Forms
"Freescale USB_Lite by CMX" = Freescale USB_Lite by CMX
"Hauppauge English Help Files and Resources" = Hauppauge English Help Files and Resources
"Hauppauge WinTV Soft PVR" = Hauppauge WinTV Soft PVR
"Hauppauge WinTV Source Selector" = Hauppauge WinTV Source Selector
"Hauppauge WinTV2000" = Hauppauge WinTV2000
"ie8" = Windows Internet Explorer 8
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.7 (Standard)
"KONICA MINOLTA PagePro 1350W" = KONICA MINOLTA PagePro 1350W
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NMPUninstallKey" = Nero Media Player
"OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0
"Online Manuals for WinTV (English)" = Online Manuals for WinTV (English)
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"SysInfo" = Creative System Information
"System Tweaker_is1" = Uniblue System Tweaker
"TOPO!" = TOPO!
"TurboTax 2008" = TurboTax 2008
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 1.0.3
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZENcast Organizer" = ZENcast Organizer
"Zune" = Zune

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/9/2010 11:25:57 AM | Computer Name = GERALD-ABF3A4FD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 2/9/2010 11:25:57 AM | Computer Name = GERALD-ABF3A4FD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 2/9/2010 11:25:57 AM | Computer Name = GERALD-ABF3A4FD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 2/9/2010 11:25:57 AM | Computer Name = GERALD-ABF3A4FD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 2/9/2010 11:25:57 AM | Computer Name = GERALD-ABF3A4FD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 2/9/2010 11:25:57 AM | Computer Name = GERALD-ABF3A4FD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 2/9/2010 11:25:58 AM | Computer Name = GERALD-ABF3A4FD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 2/9/2010 11:25:58 AM | Computer Name = GERALD-ABF3A4FD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 2/9/2010 11:25:58 AM | Computer Name = GERALD-ABF3A4FD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 2/9/2010 11:25:58 AM | Computer Name = GERALD-ABF3A4FD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

[ System Events ]
Error - 2/9/2010 3:23:05 PM | Computer Name = GERALD-ABF3A4FD | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2/9/2010 3:23:05 PM | Computer Name = GERALD-ABF3A4FD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec mfehidk MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 2/9/2010 3:30:02 PM | Computer Name = GERALD-ABF3A4FD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/9/2010 3:31:17 PM | Computer Name = GERALD-ABF3A4FD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2/9/2010 3:39:23 PM | Computer Name = GERALD-ABF3A4FD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/9/2010 3:40:47 PM | Computer Name = GERALD-ABF3A4FD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/9/2010 3:41:57 PM | Computer Name = GERALD-ABF3A4FD | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm

Error - 2/9/2010 3:58:49 PM | Computer Name = GERALD-ABF3A4FD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/9/2010 4:32:48 PM | Computer Name = GERALD-ABF3A4FD | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.2 for the Network Card with network
address 001D7D0C0A1F has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2/9/2010 4:39:47 PM | Computer Name = GERALD-ABF3A4FD | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >


Re: livesoftrock

Post by Dr Jay on 10th February 2010, 3:11 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)




Re: livesoftrock

Post by Gerry48 on 10th February 2010, 4:24 pm

It didn't work. I wasn't able to run ComboFix(2) on the infected PC. When I run it (in safe mode), I can see it in Windows Task Manager (Processes) for about 10 seconds and then the entire task manager window disappears. I then pull up task manager again but then combofix(2).exe is gone. There's some weird stuff going on, even in safe mode. I tried a system reset to a previous date. The PC won't do it.

I also tried to download this program on my laptop. It has McAfee security. McAfee informs me there's a trojan called Artemis..... in the program. It's removed, but ComboFix will not finish the download process.

Gerry




Re: livesoftrock

Post by Gerry48 on 10th February 2010, 7:52 pm

Hi, I decided to download malwarebytes from my laptop. I stored the program (along with the updates) on a usb drive. I then ran the program on the infected PC. Below is the file before the fix. I couldn't find a file after the fix. There is a Word file called changes. But I can't open it.

There were 4 files it did not fix:
sys32\gidogudi.dll, jalopeya.dll, mulirowo.dll, zudalure.dll (not 100% sure on spelling)

The PC then booted up to normal windows. I didn't hang around long there because the "Windows Security Alert" is still present on the taskbar. I'm back in safe mode.

edit: after running malwarebytes, I ran ComboFix again. Same result. For some unknown reason the program stopped after about 10 sec.

Gerry

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2/10/2010 11:13:56 AM
mbam-log-2010-02-10 (11-13-46).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 366895
Time elapsed: 35 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 42

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\WINDOWS\system32\gidogudi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jalopeya.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mulirowo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\zudalure.dll (Trojan.Vundo.H) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e46aec74-207e-4d68-a5a6-35d0b435a05d} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{e46aec74-207e-4d68-a5a6-35d0b435a05d} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{666677b6-a0c4-4d71-9cf2-891f1241d73d} (Trojan.Vundo.H) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\muteyuhan (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{666677b6-a0c4-4d71-9cf2-891f1241d73d} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\sezeboyeg (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yuzetiweda (Trojan.Vundo) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: jalopeya.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: mulirowo.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\fiyobubi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\bokeneja.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gejiwuvu.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\gidogudi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\jalopeya.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kinahoke.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\kipiheba.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\mulirowo.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nasumoti.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nepivoyi.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\yabonoke.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\zudalure.dll (Trojan.Vundo.H) -> No action taken.
C:\32788R22FWJFW\Combo-Fix.sys (Malware.Trace) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OK7L27RI\default[1].htm (Trojan.Vundo.H) -> No action taken.
C:\Documents and Settings\Gerry\Local Settings\Temp\BYQWuyER.exe.part (Adware.Seekmo) -> No action taken.
C:\Documents and Settings\Gerry\Local Settings\Temp\TMP139.tmp (Trojan.Dropper) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP361\A0056690.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP430\A0081760.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP430\A0081761.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP430\A0081762.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP430\A0081763.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP430\A0081779.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP430\A0081780.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP431\A0081978.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP431\A0081979.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP431\A0081980.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP431\A0081981.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP431\A0081997.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP431\A0081998.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP432\A0082191.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP432\A0082192.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP432\A0082193.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP432\A0082194.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP432\A0082210.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP432\A0082211.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP433\A0082404.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP433\A0082405.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP433\A0082406.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP433\A0082407.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP433\A0082408.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP433\A0082424.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP433\A0082425.dll (Trojan.Vundo.H) -> No action taken.


Last edited by Gerry48 on 10th February 2010, 8:09 pm; edited 1 time in total (Reason for editing : operating ComboFix)

Gerry48
Novice
Novice

Posts Posts : 15
Joined Joined : 2010-02-09
OS OS : win xp
Points Points : 25174
# Likes # Likes : 0

View user profile

Back to top Go down
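Read as a map of load points rather than a list of files, the MBAM output above shows where Vundo had itself loaded: the BHO CLSID into iexplore.exe (and, on XP, explorer.exe), the SharedTaskScheduler and ShellServiceObjectDelayLoad CLSIDs into explorer.exe at logon, and the two names under LSA\Notification Packages into lsass.exe at boot, before any user logs on. The script below is an added example, not something posted in this thread and not part of MBAM, OTL or ComboFix: it walks those four DLL load points plus the Security Center notification switches and flags a loader whose file is missing, lives outside system32 or Program Files, or has the eight-lowercase-letter name that every Vundo DLL in the log has. It assumes PowerShell 2.0 or later run as an administrator; Resolve-Clsid and Get-DllReport are names chosen here, and the Run keys (command lines, not DLLs) are deliberately left to a tool such as Sysinternals Autoruns.

```powershell
# Added example, not from the thread: audit the DLL-loading autostart points the
# MBAM log shows Vundo using, plus the Security Center switches it flagged.
# Assumes PowerShell 2.0 or later, run as an administrator.

function Resolve-Clsid([string]$clsid) {
    # COM loads the DLL named in the CLSID's InprocServer32 default value.
    $key = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    if (Test-Path $key) { (Get-ItemProperty $key).'(default)' }
}

function Get-DllReport([string]$loadedBy, [string]$location, [string]$rawPath) {
    # Normalise what the registry holds: strip quotes, expand %vars%, add .dll where
    # the entry is a bare module name (LSA Notification Packages), and resolve
    # relative names under system32, which is where the loader looks first.
    $p = [Environment]::ExpandEnvironmentVariables($rawPath.Trim('"'))
    if (-not [IO.Path]::HasExtension($p)) { $p = "$p.dll" }
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot "system32\$p" }
    $exists = Test-Path $p
    $sig = 'FileMissing'
    if ($exists) { $sig = (Get-AuthenticodeSignature $p).Status }
    # Heuristics: a missing file is a dangling load point; every Vundo DLL in this
    # log is eight lowercase letters; legitimate loaders live in system32/Program Files.
    $base = [IO.Path]::GetFileNameWithoutExtension($p)
    $expectedDir = ($p -like "$env:SystemRoot\system32\*") -or ($p -like "$env:ProgramFiles\*")
    New-Object PSObject -Property @{
        LoadedBy   = $loadedBy
        Location   = $location
        Path       = $p
        Exists     = $exists
        Signature  = $sig
        Suspicious = (-not $exists) -or ($base -match '^[a-z]{8}$') -or (-not $expectedDir)
    }
}

$report = @()

# 1. LSA Notification Packages: REG_MULTI_SZ of DLLs lsass.exe loads at boot.
#    A clean XP box lists only "scecli".
$lsa = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
foreach ($dll in @($lsa.'Notification Packages')) {
    $report += Get-DllReport 'lsass.exe' 'LSA Notification Packages' $dll
}

# 2. Browser Helper Objects: one subkey per CLSID, loaded by iexplore.exe.
$bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
if (Test-Path $bho) {
    foreach ($sub in Get-ChildItem $bho) {
        $dll = Resolve-Clsid $sub.PSChildName
        if ($dll) { $report += Get-DllReport 'iexplore.exe' "BHO $($sub.PSChildName)" $dll }
        else { Write-Warning "BHO $($sub.PSChildName) has no InprocServer32 (orphaned registration)" }
    }
}

# 3. ShellServiceObjectDelayLoad: value data is a CLSID, loaded by explorer.exe at logon.
$ssodl = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
if (Test-Path $ssodl) {
    foreach ($v in ((Get-ItemProperty $ssodl).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
        $dll = Resolve-Clsid $v.Value
        if ($dll) { $report += Get-DllReport 'explorer.exe' "SSODL $($v.Name)" $dll }
        else { Write-Warning "SSODL $($v.Name) -> $($v.Value) has no InprocServer32" }
    }
}

# 4. SharedTaskScheduler: here the value *name* is the CLSID, also loaded by explorer.exe.
$sts = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler'
if (Test-Path $sts) {
    foreach ($v in ((Get-ItemProperty $sts).PSObject.Properties | Where-Object { $_.Name -like '{*}' })) {
        $dll = Resolve-Clsid $v.Name
        if ($dll) { $report += Get-DllReport 'explorer.exe' "SharedTaskScheduler $($v.Name)" $dll }
        else { Write-Warning "SharedTaskScheduler $($v.Name) has no InprocServer32" }
    }
}

# 5. Security Center switches: 1 silences the balloon the user would otherwise see
#    (MBAM reported UpdatesDisableNotify = 1 as Disabled.SecurityCenter).
$sc = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Security Center' -ErrorAction SilentlyContinue
foreach ($name in 'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify') {
    if ($sc -and $sc.$name -eq 1) { Write-Warning "Security Center: $name = 1 (notification suppressed)" }
}

$report | Sort-Object Suspicious -Descending |
    Format-Table LoadedBy, Location, Path, Exists, Signature, Suspicious -AutoSize
```

Two caveats. PowerShell 2.0's Get-AuthenticodeSignature does not consult catalog signatures, so on XP most Microsoft system DLLs report NotSigned; the Signature column is shown for context but is not what decides Suspicious. And a log line ending in "No action taken" means the scan only listed the item, so after removal the useful check is to run this again and confirm that Notification Packages holds only scecli and that no orphaned CLSIDs remain.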

Re: livesoftrock

Post by Gerry48 on 10th February 2010, 11:08 pm

Hi, someone suggested running Windows Defender. I had to get out of safe mode to install it. During installation I get the message:

file msiexec.exc is infected. Do you want to activate your antivirus software now?

When I click Yes, it goes to livesoftrock.com

Gerry


Re: livesoftrock

Post by Dr Jay on 11th February 2010, 4:12 am

Delete your copy of ComboFix; grab a fresh copy, but before you download it, rename it to blackpudding.bat


Navigate to Start --> Run, and enter the following command exactly as shown:

"%userprofile%\desktop\blackpudding.bat" /killall

See if ComboFix will run now.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 14310
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302971
# Likes # Likes : 10

View user profile

Back to top Go down

Re: livesoftrock

Post by Gerry48 on 11th February 2010, 5:28 pm

We've made some progress! Here's the file.

Gerry

ComboFix 10-02-10.05 - Administrator 02/11/2010 9:06.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.3013 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\backpudding.bat.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Gerry\Application Data\inst.exe
c:\documents and settings\Gerry\Local Settings\Application Data\eylvpl
c:\documents and settings\Gerry\Local Settings\Application Data\eylvpl\fdxnsftav.exe
c:\windows\system32\Thumbs.db
c:\windows\system32\twain_32.dll
c:\windows\system32\WORK.DAT
c:\windows\system32\wupd.dat
c:\windows\winhelp.ini

.
((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.

2010-02-10 19:26 . 2010-02-10 19:26 -------- d-----w- c:\documents and settings\Gerry\Application Data\Malwarebytes
2010-02-10 17:29 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-10 17:29 . 2010-02-10 17:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-10 17:29 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-09 19:13 . 2010-02-09 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-09 19:13 . 2010-02-09 19:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-09 16:43 . 2010-02-09 16:43 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-09 16:41 . 2010-02-09 16:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\System Tweaker
2010-02-09 15:23 . 2010-02-09 15:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Uniblue
2010-02-09 15:21 . 2010-02-09 15:21 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-09 15:21 . 2010-02-09 15:21 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-06 18:40 . 2007-03-20 21:49 2781184 ----a-w- c:\documents and settings\Gerry\Application Data\Adobe\Dreamweaver 9\Configuration\Flash Player\authplay.dll
2010-02-06 04:00 . 2010-02-06 04:00 144160 ----a-w- c:\documents and settings\Gerry\Application Data\Move Networks\uninstall.exe
2010-02-06 04:00 . 2010-02-06 04:00 1436320 ----a-w- c:\documents and settings\Gerry\Application Data\Move Networks\MoveMediaPlayerWinSilent_071505000011.exe
2010-02-05 02:18 . 2008-11-08 02:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-02-05 02:18 . 2010-02-05 02:19 -------- d-----w- c:\program files\Zune
2010-02-05 02:17 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2010-02-05 02:17 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2010-02-05 02:17 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2010-02-05 02:17 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2010-02-05 02:17 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2010-02-02 15:12 . 2010-02-03 02:01 -------- d-----w- c:\program files\Sprinter5
2010-01-13 15:28 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 16:28 . 2008-08-20 00:39 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-08 15:33 . 2009-11-28 11:25 79488 ----a-w- c:\documents and settings\Gerry\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-06 05:29 . 2009-02-04 04:34 -------- d-----w- c:\documents and settings\Gerry\Application Data\Move Networks
2010-02-06 04:00 . 2009-12-10 19:26 4187512 ----a-w- c:\documents and settings\Gerry\Application Data\Move Networks\plugins\npqmp071505000011.dll
2010-02-05 02:18 . 2010-02-05 02:18 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2010-02-05 02:18 . 2010-02-05 02:18 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-02-01 23:15 . 2008-08-21 14:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-09 18:34 . 2008-08-19 15:06 16608 ----a-w- c:\windows\gdrv.sys
2010-01-07 22:38 . 2010-01-07 22:38 447216 ----a-w- c:\windows\system32\ZuneWlanCfgSvc.exe
2010-01-07 22:38 . 2010-01-07 22:38 58592 ----a-w- c:\windows\system32\ZuneBusEnum.exe
2010-01-07 22:22 . 2010-01-07 22:22 40832 ----a-w- c:\windows\system32\drivers\zumbus.sys
2010-01-07 04:24 . 2010-01-03 21:32 -------- d-----w- c:\documents and settings\Gerry\Application Data\vlc
2010-01-06 23:35 . 2008-08-28 02:18 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-06 21:05 . 2008-08-21 03:00 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-01-06 19:23 . 2010-01-06 19:23 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-01-06 19:23 . 2010-01-06 19:23 -------- d-----w- c:\program files\Ralink
2010-01-06 19:23 . 2010-01-06 19:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Ralink Driver
2010-01-06 19:23 . 2008-08-19 15:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-06 02:04 . 2010-01-06 02:04 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-01-06 02:04 . 2008-08-20 17:07 385536 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-01-05 18:52 . 2010-01-05 18:52 1632 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-01-05 18:52 . 2010-01-05 15:51 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-01-05 15:52 . 2010-01-05 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2010-01-05 15:51 . 2010-01-05 15:51 -------- d-----w- c:\program files\Common Files\iS3
2010-01-03 21:31 . 2010-01-03 21:31 -------- d-----w- c:\program files\VideoLAN
2009-12-21 19:14 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-14 23:28 . 2009-12-14 23:28 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2009-12-10 19:27 . 2009-12-10 19:27 97144 ----a-w- c:\documents and settings\Gerry\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
2009-12-08 02:09 . 2008-08-19 15:42 58344 ----a-w- c:\documents and settings\Gerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-08 01:41 . 2008-08-19 05:49 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
1601-01-01 00:03 . 1601-01-01 00:03 52224 --sha-w- c:\windows\system32\hulizoki.dll.tmp
1601-01-01 00:03 . 1601-01-01 00:03 52224 --sha-w- c:\windows\system32\husudima.dll.tmp
1601-01-01 00:03 . 1601-01-01 00:03 52224 --sha-w- c:\windows\system32\zaworido.dll.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 1923352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RTHDCPL"="RTHDCPL.EXE" [2008-06-27 16875008]
"SoundMan"="SOUNDMAN.EXE" [2008-06-19 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"OmniPage"="c:\program files\Caere\OmniPagePro90\opware32.exe" [1998-10-13 44032]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-12 623992]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-10-25 380928]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-01-07 158448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2010-1-6 1662976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Freescale\\CodeWarrior for ColdFire V7.1\\bin\\IDE.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

S2 MLPTDR_Q;MLPTDR_Q;c:\windows\system32\MLPTDR_Q.SYS [7/21/2003 11:44 PM 18848]
S2 PEDRV;P&E Microcomputer System PCI Driver.;c:\windows\system32\drivers\pedrv.sys [8/3/2000 2:25 PM 23296]
S2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\Ralink\Common\RalinkRegistryWriter.exe [1/6/2010 11:23 AM 75040]
S2 VICHW11;P&E BDM Cable Driver II;c:\windows\system32\drivers\vichw11.sys [10/2/1998 10:20 AM 5200]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [8/19/2008 7:08 AM 55816]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [8/19/2008 7:22 AM 24944]
S3 HCWBT8xx;Hauppauge WinTV 848/9 WDM Video Driver;c:\windows\system32\drivers\HCWBT8XX.sys [8/20/2008 6:09 PM 446020]
S3 libusb0;LibUsb-Win32 - Kernel Driver 03/09/2005, 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [9/1/2009 5:23 PM 28672]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [1/6/2010 11:23 AM 16512]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [11/16/2007 3:56 AM 709248]
.
Contents of the 'Scheduled Tasks' folder

2009-11-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-492894223-725345543-1003Core.job
- c:\documents and settings\Gerry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-30 02:56]

2010-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-492894223-725345543-1003UA.job
- c:\documents and settings\Gerry\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-30 02:56]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fsb0kva0.default\
FF - plugin: c:\documents and settings\Gerry\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-RunOnce-MISPInst - c:\documents and settings\Administrator\Local Settings\Temp\McInstallTemp\Install.exe
HKLM-Run-xkcihvmu - c:\documents and settings\Gerry\Local Settings\Application Data\eylvpl\fdxnsftav.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-Freescale USB_Lite by CMX - c:\cmxusb~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-02-11 09:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1757981266-492894223-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,17,9b,5f,ab,73,f6,4f,bf,83,30,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,17,9b,5f,ab,73,f6,4f,bf,83,30,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-02-11 09:09:49
ComboFix-quarantined-files.txt 2010-02-11 17:09

Pre-Run: 294,127,677,440 bytes free
Post-Run: 297,490,202,624 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 2D10D2FDC7EEB3E8DF050FF1158887A1


Re: livesoftrock

Post by Gerry48 on 11th February 2010, 6:13 pm

I booted up in "normal" mode. I no longer see the fake antivirus icon on the far right side of the taskbar. I don't have any problems navigating the internet. It may be fixed!

Do you know what was removed to fix it?

I will wait for your reply if you feel more cleanup needs to be done.

Thanks, Gerry


Re: livesoftrock

Post by cico7 on 11th February 2010, 7:08 pm

Moderated Message: Hello, your comment has been removed. Please do not post in another member's topic. If you need help, please read [You must be registered and logged in to see this link.] over and [You must be registered and logged in to see this link.] to open a new topic. ~DragonMaster Jay

cico7
Beginner
Beginner

Posts Posts : 1
Joined Joined : 2010-02-11
OS OS : xp
Points Points : 24955
# Likes # Likes : 0

View user profile

Back to top Go down

Re: livesoftrock

Post by Dr Jay on 11th February 2010, 8:04 pm

Bad files were removed. It was a rootkit, which is a very nasty infection.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)




Re: livesoftrock

Post by Gerry48 on 11th February 2010, 8:54 pm

I ran into a problem. I get an error when updating Malwarebytes.

The message says to report error to support team.
Error code 732 (12029,0)

Gerry


Re: livesoftrock

Post by Dr Jay on 12th February 2010, 4:50 pm

Ok. Run scan without update.


Dr. Jay (DJ)




Re: livesoftrock

Post by Gerry48 on 12th February 2010, 6:58 pm

Edit: just a note on my problem operating the latest version of Malwarebytes. I had an updated version on my USB drive which I previously used to get the first scan. It will not work now. I get error code 730. The scan listed is with no update.

Gerry

Malwarebytes' Anti-Malware 1.44
Database version: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/12/2010 10:44:30 AM
mbam-log-2010-02-12 (10-44-30).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 342056
Time elapsed: 36 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP433\A0082679.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0051D062-8E3F-4B14-BC8C-68726A741AFA}\RP433\A0082822.sys (Malware.Trace) -> Quarantined and deleted successfully.


Last edited by Gerry48 on 12th February 2010, 7:21 pm; edited 1 time in total (Reason for editing : a little more info)


Re: livesoftrock

Post by Dr Jay on 13th February 2010, 3:52 pm

This is a bug that will be fixed in the next version of Malwarebytes' Anti-Malware (1.45).

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with tabs
  • Select the More Options tab.
  • At the bottom will be a System Restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)



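The restore-point reset described above can be done from PowerShell through the SystemRestore WMI class instead of the two dialogs. The script below is an added example, not part of Dr Jay's instructions; it assumes PowerShell 2.0 on XP, Vista or 7 run as an administrator, and Get-RestorePoints and Assert-Ok are names chosen here. The SequenceNumber it lists is the <n> in the RP<n> folder names MBAM reported under System Volume Information (RP361 and RP430 to RP433 in the logs above), which is how to tell whether the points that held infected copies are gone.

```powershell
# Added example, not from the thread: list, purge and re-create System Restore points
# through the SystemRestore WMI class. Assumes PowerShell 2.0 on XP/Vista/7, run as
# an administrator. Get-RestorePoints and Assert-Ok are names chosen here.

$sr = [wmiclass]'root\default:SystemRestore'

function Get-RestorePoints {
    # SequenceNumber matches the RP<n> folder under System Volume Information;
    # CreationTime is a DMTF datetime string, converted here to a DateTime.
    Get-WmiObject -Namespace root\default -Class SystemRestore |
        Sort-Object SequenceNumber |
        Select-Object SequenceNumber, Description,
            @{ Name = 'Created'; Expression = { [Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } }
}

function Assert-Ok($result, [string]$what) {
    # Every SystemRestore method returns an object whose ReturnValue is 0 on success.
    if ($result.ReturnValue -ne 0) { throw "$what failed with return value $($result.ReturnValue)" }
}

"Restore points before cleanup:"
Get-RestorePoints | Format-Table -AutoSize

$drive = "$env:SystemDrive\"

# Disabling System Restore on a drive deletes every point on it (Disk Cleanup's
# More Options button keeps the newest one instead), so the clean point is created
# only after System Restore is enabled again.
Assert-Ok ($sr.Disable($drive)) 'Disable'
Assert-Ok ($sr.Enable($drive, $true)) 'Enable'

# RestorePointType 0 = APPLICATION_INSTALL, EventType 100 = BEGIN_SYSTEM_CHANGE:
# the documented arguments for a plain manual restore point.
Assert-Ok ($sr.CreateRestorePoint('Clean', 0, 100)) 'CreateRestorePoint'

"Restore points after cleanup:"
Get-RestorePoints | Format-Table -AutoSize
```

The second listing should show a single point named Clean with a new sequence number; if any of the RP numbers MBAM flagged still appear, System Restore was not actually disabled on that drive (for example when the infected copies sit on D: rather than the system drive), and the Disable/Enable pair needs running for that drive letter as well.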

Re: livesoftrock

Post by Gerry48 on 13th February 2010, 4:28 pm

Earlier today I tried to load McAfee. Before, I couldn't even download the setup. That now works, but installation failed (prior to your latest instructions).

Edit:

After the latest changes I again tried to install Cox Security Suite powered by McAfee. It will not install. I get error 12029. I still have a hidden problem.

Gerry

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Adobe After Effects CS3 Presets
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

Out of date Spybot installed!
Spybot - Search & Destroy 1.3
Java(TM) 6 Update 11
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Last edited by Gerry48 on 13th February 2010, 6:02 pm; edited 1 time in total (Reason for editing : more info)


Re: livesoftrock

Post by Gerry48 on 13th February 2010, 8:40 pm

Good news, Jay. I did a search on McAfee error 12029.
[You must be registered and logged in to see this link.]
From Alanclother:

"Under my browser tools/options/advanced/settings I reset it to "no proxy" right away as a part of the clean up but I missed the one under the control panel. I fought off and on for weeks until this morning I was digging around and found the other place I needed to correct:

Under control panel/internet options/connections/lan settings I unchecked proxy server."

That was my problem. Proxy server in control panel.

I was able to install Malwarebytes - with updates. Here's the log:

Gerry


Malwarebytes' Anti-Malware 1.44
Database version: 3734
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/13/2010 12:30:03 PM
mbam-log-2010-02-13 (12-30-03).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 327001
Time elapsed: 31 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xkcihvmu (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

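The two things that settled this case in Gerry's post above, the per-user proxy setting that produced McAfee's error 12029 and the HKCU Run entry that Malwarebytes quarantined, are both ordinary registry values, so they can be inspected from a prompt instead of clicking through Internet Options and a scanner. The script below is an added example, not code from the thread, from Malwarebytes or from McAfee. It assumes Windows PowerShell 3.0 or later, uses the standard WinINet Internet Settings key and the two Run keys, and the "random-looking name" rule (a bare run of lowercase letters, like the quarantined xkcihvmu) is a constructed rule of thumb for triage, not a vendor signature; expect it to flag a few legitimate entries for you to look at.

```powershell
# Added example, not part of the forum thread or of any tool it mentions.
# Audits two registry locations that figured in this case:
#   1. the per-user WinINet proxy setting (the cause of McAfee error 12029 here)
#   2. the per-user and per-machine Run keys (where the Trojan.FakeAlert entry lived)
# Save as Audit-ProxyAndRun.ps1 and run from an elevated PowerShell prompt.
# -FixProxy clears the proxy flag, the same change as unchecking "Use a proxy server"
# under Control Panel > Internet Options > Connections > LAN settings.
param([switch]$FixProxy)

$inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)

function Test-UserProxy {
    $inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
    if ($null -eq $inet) { Write-Output 'Internet Settings key not readable.'; return }

    if ($inet.ProxyEnable -eq 1) {
        Write-Output "Proxy ENABLED for this user: $($inet.ProxyServer) (bypass list: $($inet.ProxyOverride))"
        if ($FixProxy) {
            Set-ItemProperty -Path $inetKey -Name ProxyEnable -Value 0
            Write-Output 'ProxyEnable set to 0; direct connection restored.'
        }
    } else {
        Write-Output 'No per-user proxy configured.'
    }
    # An auto-config (PAC) script can route traffic even when ProxyEnable is 0.
    if ($inet.AutoConfigURL) { Write-Output "Auto-config script in use: $($inet.AutoConfigURL)" }
}

function Get-RunEntries {
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        foreach ($prop in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath, PSParentPath and friends; skip those.
            if ($prop.Name -like 'PS*') { continue }
            $name = $prop.Name
            $cmd  = [string]$prop.Value
            # Heuristic constructed for this example: a bare run of lowercase letters with
            # no recognisable word (like "xkcihvmu"), or a command that launches from a temp
            # or profile data folder, deserves a closer look. -cmatch keeps it case-sensitive.
            $flag = ($name -cmatch '^[a-z]{6,}$') -or
                    ($cmd  -match '\\(Temp|Local Settings|Application Data|AppData)\\')
            [pscustomobject]@{
                Hive       = $key.Split(':')[0]
                Name       = $name
                Command    = $cmd
                Suspicious = $flag
            }
        }
    }
}

Test-UserProxy
Get-RunEntries | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```

The proxy part only reports by default; run it with `-FixProxy` once you have confirmed nothing on the machine legitimately needs that proxy. The Run-key listing is meant to be read, not acted on automatically: anything marked Suspicious is a candidate for a scan or a question in a help thread, not an automatic deletion.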

Re: livesoftrock

Post by Dr Jay on 14th February 2010, 7:04 pm

Please do a scan with [You must be registered and logged in to see this link.]

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Dr. Jay (DJ)




Re: livesoftrock

Post by Gerry48 on 15th February 2010, 5:15 pm

It takes about 1.5 hours to scan. No threats or infected objects are displayed during scan. The report is blank.

Gerry


Re: livesoftrock

Post by Dr Jay on 15th February 2010, 8:28 pm

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)




Re: livesoftrock

Post by Gerry48 on 15th February 2010, 9:03 pm

Malwarebytes' Anti-Malware 1.44
Database version: 3742
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

2/15/2010 1:02:45 PM
mbam-log-2010-02-15 (13-02-45).txt

Scan type: Quick Scan
Objects scanned: 125299
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Re: livesoftrock

Post by Dr Jay on 15th February 2010, 9:22 pm

Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE

You now have a clean restore point. To get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the drop-down box that appears select your main drive e.g. C
  • Click OK
  • The system will do some calculation and then display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button; click this
  • Accept the warning and select OK again; the program will close and you are done


To remove all of the tools we used and the files and folders they created, please do the following:
Please download [You must be registered and logged in to see this link.] by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

==

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


==

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)




Re: livesoftrock

Post by Gerry48 on 15th February 2010, 11:30 pm

Security Check log:

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Adobe After Effects CS3 Presets
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

` of date Spybot installed!
Spybot - Search & Destroy 1.3
Java(TM) 6 Update 18
Java Auto Updater
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent

``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````


Re: livesoftrock

Post by Dr Jay on 16th February 2010, 2:28 pm

Please download the newest version of Adobe Acrobat Reader from [You must be registered and logged in to see this link.]

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

====

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

Antivirus/Antispyware

  • [You must be registered and logged in to see this link.]: this is Microsoft's free antivirus/antispyware program. It equips you with protection against viruses, spyware, trojans, rootkits, and worms. It is also light on the computer's performance. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.
  • [You must be registered and logged in to see this link.]: this is one of the most powerful and easiest-to-use security programs. The free version equips you with protection against viruses, spyware, trojans, rootkits, worms, and rogue software. Note: when installing this, you have both an antivirus and antispyware. Make sure you also get a firewall.


Firewall

  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version.
  • [You must be registered and logged in to see this link.]: the free version is just as good as the premium. I have linked you to the free version. The optional security suite enhances the firewall by 40%. If you would like to install the suite that includes antivirus, then remove your old antivirus first.
  • [You must be registered and logged in to see this link.]: free and excellent firewall.


Note: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


See [You must be registered and logged in to see this link.] for more info about malware and prevention.

Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)



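Dr Jay's post above recommends a replacement HOSTS file that sends known ad and malware hostnames to 127.0.0.1. The same file is also a favourite target for malware, which adds lines pointing update and security-vendor hostnames at an address it controls, so it is worth knowing what is in yours. The script below is an added example, not code from the thread or from the HOSTS file project it links to. It assumes Windows PowerShell 3.0 or later and the standard location of the file under %SystemRoot%; it counts the blocking entries and lists every entry that redirects a hostname somewhere other than a loopback or null address, which is the case a defender wants to see.

```powershell
# Added example, not part of the forum thread or of the HOSTS file project it links to.
# Audits the Windows HOSTS file: counts hostnames sent to the loopback or null address
# (the blocking technique described above) and lists every entry that points somewhere
# else, since a redirected hostname is how a hijacked HOSTS file shows itself.
function Get-HostsAudit {
    param(
        [string]$Path = (Join-Path $env:SystemRoot 'System32\drivers\etc\hosts')
    )
    # Addresses that make a hostname unreachable rather than redirecting it.
    $blockAddrs = @('127.0.0.1', '0.0.0.0', '::1')
    $blocked  = 0
    $redirect = @()

    foreach ($line in Get-Content -Path $Path -ErrorAction Stop) {
        # Everything after '#' is a comment; blank lines are ignored.
        $entry = ($line -split '#', 2)[0].Trim()
        if ($entry -eq '') { continue }
        $fields = $entry -split '\s+'
        if ($fields.Count -lt 2) { continue }      # malformed line with no hostname
        $address = $fields[0]
        $names   = $fields[1..($fields.Count - 1)]

        if ($blockAddrs -contains $address) {
            # The default "127.0.0.1 localhost" line is not a blocking entry.
            $blocked += @($names | Where-Object { $_ -ne 'localhost' }).Count
        } else {
            foreach ($n in $names) {
                $redirect += [pscustomobject]@{ Hostname = $n; Address = $address }
            }
        }
    }

    [pscustomobject]@{
        Path         = $Path
        BlockedNames = $blocked
        Redirections = $redirect
    }
}

$audit = Get-HostsAudit
Write-Output "HOSTS file: $($audit.Path)"
Write-Output "Hostnames blocked via loopback/null address: $($audit.BlockedNames)"
if ($audit.Redirections.Count -gt 0) {
    Write-Output 'Entries that redirect a hostname to a real address (review each one):'
    $audit.Redirections | Format-Table -AutoSize
} else {
    Write-Output 'No hostname is redirected to a non-loopback address.'
}
```

A freshly installed blocking HOSTS file should report thousands of blocked names and no redirections. Any redirection that you did not add yourself, especially for an update or antivirus vendor's hostname, is a sign the file has been tampered with and belongs in your next post to the helper.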

Re: livesoftrock

Post by Gerry48 on 17th February 2010, 12:54 am

Thanks for your help Jay. I get free McAfee Security Center from my internet provider. I've installed it again. I believe my previous version became non-functional. I should have been more aware of the situation.

I also noticed I'm missing a program I've been using a long time - WinPatrol. It warns me when a program wants to change the registry. Do you have any opinion on this program?

Gerry


Re: livesoftrock

Post by Dr Jay on 17th February 2010, 2:52 am

That is good. Are you saying you cannot find it on your computer?


Dr. Jay (DJ)



